AU2004324546B2 - Secure authenticated channel - Google Patents
Secure authenticated channel Download PDFInfo
- Publication number
- AU2004324546B2 AU2004324546B2 AU2004324546A AU2004324546A AU2004324546B2 AU 2004324546 B2 AU2004324546 B2 AU 2004324546B2 AU 2004324546 A AU2004324546 A AU 2004324546A AU 2004324546 A AU2004324546 A AU 2004324546A AU 2004324546 B2 AU2004324546 B2 AU 2004324546B2
- Authority
- AU
- Australia
- Prior art keywords
- key
- ephemeral
- keph
- kperm
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
Abstract
A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, K<SUB>perrn</SUB>, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key g<SUP>x</SUP>, which is sent to the second peer. The second peer calculates a second ephemeral public key g<SUP>y</SUP> in the same manner, and an ephemeral shared key K<SUB>eph</SUB>, hashes g<SUP>y</SUP>, K<SUB>eph</SUB>, K<SUB>perm</SUB>, and its identity, and sends g<SUP>y</SUP> and the hash to the first peer. The first peer calculates K<SUB>eph</SUB>, verifies the hash, and hashes g<SUP>x</SUP>, K<SUB>eph</SUB>, K<SUB>pem</SUB>, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing K<SUB>eph</SUB>. The apparatuses may then use the session key to establish a secure authenticated channel (SAC).
Description
WO 2006/048043 PCT/EP2004/052722 SECURE AUTHENTICATED CHANNEL [0001] The invention relates generally to secure authenticated channels, and in particular to calculation of session keys for establishment of such channels for protection of digital content, for example in a digital television system. 5 [0002] Secure authenticated channels, well known in the art of cryptography, are established to allow two mutually authenticated devices (often called peers) to exchange information confidentially. A secure authenticated channel should preferably have the following characteristics: - mutual authentication of the peers; 10 - key confirmation, i.e. a common secret is established and at least one peer is able to verify that the secret indeed is common; - forward secrecy, i.e. old session keys cannot be calculated even when long-term secret keys (such as certificate secret keys) are known. [0003] These characteristics can be formally proven mathematically, and it 15 has been proven that if there exists a way to circumvent one of the above characteristics for a given cryptographic protocol, then the whole protocol may be broken with relative ease. [0004] Over the years, the cryptographic community has proposed many protocols for secure authenticated channels. Only a few of these channels 20 have been proven to fulfill the characteristics above. [0005] The protocols that do provide channels with the required characteristics all use a number of different cryptographic primitives: at least one asymmetric primitive (such as asymmetric encryption or digital signature), hash functions, Message Authentication Code (MAC), and, in 25 some of them, other primitives such as symmetric encryption. A problem with these protocols is that they are quite resource consuming and are as such difficult to implement in a device with limited computing capabilities, such as for example a portable security module, like a smart card. Another problem is that the use of many cryptographic primitives makes it difficult to prove that a 30 protocol is secure.
(0005a] Any discussion of documents, acts, materials, devices, articles or the like which has been included in the present specification is solely for the purpose of providing a context for the present invention. It is not to be taken as an admission that any or all of these matters form part of the prior art base or were common 5 general knowledge in the field relevant to the present invention as it existed before the priority date of each claim of this application. [0005b] Throughout this specification the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the 10 exclusion of any other element, integer or step, or group of elements, integers or steps. [0006] The present invention provides a secure access channel protocol that has the required characteristics and that is particularly suitable for implementation in a device with limited computing capabilities. 15 [0007] Throughout the description, it will be assumed that, as cryptography is a mature art, the basic concepts are well known. These concepts will for reasons of clarity and succinctness not be described more than necessary for the comprehension of the invention. SUMMARY OF THE INVENTION !0 [0008] In a first aspect, the invention is directed to a method of calculating a session key common to a first and a second device (11, 21). The first device has a certificate (Ca) comprising a public key (ga) and an identity corresponding to itself (IDa), and knowledge of the identity corresponding to itself (IDa), a private key (a), and the public key (ga). The second device has a corresponding certificate and knowledge. 25 The first device chooses a first ephemeral private key (x), calculates a first ephemeral public key (gx), and sends its certificate (Ca) and the first ephemeral public key (gx) to the second device. Upon reception of the certificate of the first device (Ca) and the first ephemeral public key (gx), the second device verifies the certificate of the first device(Ca), chooses a second ephemeral private key (y), calculates a second 30 ephemeral public key (gY), calculates an ephemeral shared key (Keph) from the first ephemeral public key (gx) and the second ephemeral private key (y), calculates a permanent key (Kperm,) from the public key of the first device (ga) and its own private key (b), calculates a first value (H(gy, Keph, Kperm, IDb)) from the second ephemeral 2a public key (gY), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to itself (IDb), and sends its certificate (Cb), the second ephemeral public key (gY) and the first value (H(gy, Keph, Kperm, IDb)) to the first device. Upon reception of the certificate of the second device (Cb), the second 5 ephemeral public key (gY) and the first value (H(gy, Keph, Kperm, IDb)) from the second device, the first device verifies the certificate of the second device(Cb), calculates the ephemeral shared key (Keph) from the second ephemeral public key (gY) and the first ephemeral private key (x), calculates the permanent key (Kperm) from the public key of the first device (gb) and its own private key (a), verifies the 2b WO 2006/048043 PCT/EP2004/052722 first value (H(gy, Keph, Kperm, IDb)), calculates a second value (H(gx, Keph, Kperm, IDa)) from the first ephemeral public key (g'), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to itself (IDA), and sends the second value (H(gx, Keph, Kperm, IDa)) to the second 5 device. Upon reception of the second value (H(gx, Keph, Kperm, IDa)), the second device verifies the second value (H(gx, Keph, Kperm, IDa)), and calculates a session key (Ksess) as a function of the epheme ral shared key (Keph). The first device also calculates the session key (Ksese) as a function of the ephemeral shared key (Keph). 10 [0009] In a second aspect, the invention is directed to a first device (11) for participating, with a second device (21), in the calculation of a session key. The first device has a certificate (C.) comprising a public key (go) and an identity corresponding to itself (ID 8 ), and knowledge of the identity corresponding to itself (IDa), a private key (a), and the public key (ga). The 15 first device comprises a processor (12) for choosing an ephemeral private key (x); calculating a first ephemeral public key (gx); sending its certificate (Ca) and the first ephemeral public key (gx) to the second devi Ce; receiving a certificate of the second device (Cb), a second ephemeral public key (gY) and a first value (H(gy, Keph, Kperm, IDb)) from the second device, the certificate 20 (Cb) comprising a public key (gb) and an identity of the second device (IDb), and the first value (H(gy, Keph, Kperm, IDb)) being calculated from the second ephemeral public key (gY), an ephemeral shared key (Keph), a permanent key (Kperm), and the identity corresponding to the second device (IDb); verifying the certificate of the second device(Cb); calculating the ephemeral shared 25 key (Keph) from the second ephemeral public key (gY) and the ephemeral private key (x); calculating the permanent key (Kperm) from the public key of the first device (gb) and its own private key (a); verifying the first value (H(gy, Keph, Kperm, IDb)); calculating a second value (H(gx, Keph,-Kperm, IDa)) from the first ephemeral public key (gX), the ephemeral shared key (Keph), the 30 permanent key (Kperm), and the identity corresponding to itself (IDa); sending the second value (H(gx, Keph, Kperm, IDo)) to the second device; and 3 WO 2006/048043 PCT/EP2004/052722 calculating a session key (Ksess) as a function of the ephemeral shared key (Keph). [0010] In a third aspect, the invention is directed to a second device (21) for participating, with a first device (11), in the calculation 5 of a session key. The second device has a certificate (Cb) comprising a public key (gb) and an identity corresponding to itself (IDb), and knowledge of the identity corresponding to itself (IDb), a private key (b), and the public key (gb). The second device comprises a processor (22) for receiving a certificate of the first device (Ca) and a first ephemeral public key (gX), the certificate 10 comprising a public key (ga) and an identity of the first device (IDa); verifying the certificate of the first device (Ca); choosing an ephemeral private key (y); calculating a second ephemeral public key (gY); calculating an ephemeral shared key (Keph) from the first ephemeral public key (gx) and the ephemeral private key (y); calculating a permanent key (Kperm) from the public key of the 15 first device (ga) and its own private key (b); calculating a first value (H(gy, Keph, Kperm, IDb)) from the second ephemeral public key (gY), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to itself (IDb); sending its certificate (Cb), the second ephemeral public key (gY) and the first value (H(gy, Keph, Kperm, IDb)) to the first device; receiving a 20 second value (H(gx, Keph, Kperm, IDa)) from the first device, the second value being calculated from the first ephemeral public key (gx), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to the first device (IDa); verifying the second value (H(gx, Keph, Kperm, IDa)); and 25 calculating the session key (Keess) as a function of the ephemeral shared key (Keph). [0011] Figure 1 illustrates the session key exchange according to an embodiment of the-present invention; [0012] Figure 1 illustrates the session key exchange according to an 30 embodiment of the present invention. [0013] Before the start of the method, the first device 11 knows its identity IlDa, its own private key a and public key ga. ga is a short notation for ga mod 4 WO 2006/048043 PCT/EP2004/052722 p, where a is the first device's private key, g is a known generator and p is a known prime number, as is well known in the art. The second device 21 has the corresponding knowledge: IDb, b, g . Certificates for the devices comprise the public key and the identity; Ca(ga, IDa) and Cb(gb, IDb), respectively. The 5 devices 11, 12 also have processors (CPU) 12, 22 adapted to effect the steps of the method. [0014] In step 252, the first device 11 chooses, preferably randomly, a first ephemeral private key x and calculates an ephemeral public key gx, that it sends together with its certificate Ca(ga, IDa) to the second device 21 in 10 message 254. [0015] Upon reception of message 254, the second device 21 verifies the certificate Ca(ga, IDa) of the first device 11; step 256. If the verification is unsuccessful, the second device 21 abandons the method. However, if the verification is successful, then it chooses, preferably randomly, a second 15 ephemeral private key y, and calculates a second ephemeral public key gY, a ephemeral shared key Keph = g (, and a Diffie-Hellman permanent key Kprm = ab ga, in step 258. [0016] In step 260, the second device 21 then calculates a first hash value H(gy, Keph, Kparm, IDb) using the second ephemeral public key gY, the 20 ephemeral shared key Keph, the Diffie-Hellman permanent key Kperm, and its identity IDb, and a suitable hash function, for example one of the many functions known in the art. It should be known that other suitable functions than hash functions may be used for this and the following hash value calculations of the embodiment. The second device 21 then sends the 25 second ephemeral public key gy, its certificate Cb(gb, IDb), and the first hash value H(gy, Keph, Kperm, IDb) to the first device 11 in message 262. [0017] Upon reception of message 262, the first device 11 verifies the certificate Cb(gb, IDb) of the second device 21; step 264. If the verification is unsuccessful, the first device 11 abandons the method. However, if the 30 verification is successful, the first device 11 computes the ephemeral shared key Keph and the Diffie-Hellman permanent key Kperm in step 266. In step 268, the first device 11 verifies the first hash value, using the same hash function 5 WO 2006/048043 PCT/EP2004/052722 as the second device 21 used in step 260. If the first hash value is not verified, then the first device 11 aborts the method, but if the first hash value is verified, then the first device 11 calculates a second hash value H(gx, Keph, Kperm, IDa) in step 270, using the first ephemeral public key gx, the ephemeral 5 shared key Keph, the Diffie-Hellman permanent key Kperm and its identity IDa. The first device 11 sends the second hash value H(gx, Keph, Kperm, IDa) to the second device 21 in message 272. [0018] Upon reception of the message 272, the second device 21 verifies the second hash value H(gx, Keph, Kperm, IDa) in step 274, using the same hash 1o function as the one used by the first device 10 in step 270. If the second hash value is not verified, then the second device 21 aborts the protocol, but if the second hash value is verified, then the second device 21 calculates, in step 276, a session key Ksess by calculating the hash value of the ephemeral shared key Keph. Then it sends a "ready" message 278 to the first device 11 15 to indicate that the second hash value H(gx, Keph, Kperm, IDa) has been successfully verified and the session key Ksess has been calculated. [0019] Upon reception of the "ready" message 278 from the second device 21, the first device 11 calculates, in step 280, the same session key Ksess by calculating the hash value of the ephemeral shared key Keph, using the same 20 hash function as that used by the second device 21 in step 276. Then the first device 11 sends a "ready" message 282 to the second device 21 to indicate that it too has calculated the session key Ksess. [0020] At this point, both the first device 11 and the second device 21 possess the session key Ksess that can be used to protect information sent 25 between them. With the protocol according to the invention, the confidentiality of the private keys is assured, the authentication and the key confirmation are mutual. Furthermore, the forward secrecy and the robustness against leakage of previous session key are assured as well. A person skilled in the art will appreciate that the three hash functions 30 described in connection with steps 212, 220, and 226 may be different, the same, or that two of them are the same while the third is different. 6 WO 2006/048043 PCT/EP2004/052722 [0021] It should be noted that where this description makes reference to random numbers, these numbers are often in practice pseudo-random. [0022] The expression "security module" encompasses any kind of security module, portable or stationary, that comprises a processor and can be used 5 to establish a secure authenticated channel according to the invention, such as for example smart cards, PC cards (formerly known as PCMCIA cards), and integrated circuits soldered to the Printed Circuit Board of an apparatus such as a television. [0023] The embodiment described hereinbefore is particularly suited for io implementation in a digital television set and a security module. However, a person skilled in the art will appreciate that the invention may be implemented and used by any kind of device with the necessary resources, i.e. a processor and preferably a memory storing the necessary information. Non-limitative examples of other devices are DVD players, computers 15 interacting with external accessories, and Automatic Teller Machines (ATMs) and bankcards. 7
Claims (6)
1. A method of calculating a session key shared by a first and a second device, the first device having a certificate (Ca) comprising a public key (ga) and an 5 identity corresponding to itself (IDa), and knowledge of the identity corresponding to itself (IDa), a private key (a), and the public key (ga) the second device having a certificate (Cb) comprising a public key (gb) and an identity corresponding to itself (IDb), and knowledge of the identity corresponding to itself (IDb), a private key (b), and the public key (gb), 10 the method comprising the steps of: at the first device: - choosing a first ephemeral private key (x); - calculating a first ephemeral public key (gx); - sending its certificate (Ca) and the first ephemeral public key (g') to the 15 second device; at the second device: - receiving the certificate of the first device (Ca) and the first ephemeral public key (gx); - verifying the certificate of the first device(Ca); 20 - choosing a second ephemeral private key (y); - calculating a second ephemeral public key (gY); - calculating an ephemeral shared key (Keph) from the first ephemeral public key (gx) and the second ephemeral private key (y); - calculating a permanent key (Kperm) from the public key of the first device 25 (ga) and its own private key (b); - calculating a first value (H(gy, Keph, Kperm, IDb)) from the second ephemeral public key (gY), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to itself (IDb); - sending its certificate (Cb), the second ephemeral public key (gY) and the 30 first value (H(gy, Keph, Kperm, IDb)) to the first device; at the first device: - receiving the certificate of the second device (Cb), the second ephemeral public key (gY) and the first value (H(gy, Keph, Kperm, IDb)) from the second device; 35 - verifying the certificate of the second device(Cb); - calculating the ephemeral shared key (Keph) from the second ephemeral public key (gY) and the first ephemeral private key (x); - calculating the permanent key (Kperm) from the public key of the second device (gb) and its own private key (a); 5 - verifying the first value (H(gy, Keph, Kperm, 1Db)); - calculating a second value (H(gx, Keph, Kperm, IDa)) from the first ephemeral public key (gX), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to itself (IDa); - sending the second value (H(gx, Keph, Kperm, IDa)) to the second device; 10 at the second device: - receiving the second value (H(gx, Keyh, Kperm, IDa)); - verifying the second value (H(gx, Keph, Kperm, IDa)); and - calculating a session key (Ksess) as a function of the ephemeral shared key (Keph); and 15 at the first device: - calculating the session key (Ksess) as a function of the ephemeral shared key (Keph).
2. A first device for participating, with a second device, in the calculation of a 20 shared session key, the first device having a certificate (Ca) comprising a public key (ga) and an identity corresponding to itself (IDa), and knowledge of the identity corresponding to itself (IDa), a private key (a), and the public key (ga), the first device comprising a processor for: - choosing an ephemeral private key (x); 25 - calculating a first ephemeral public key (gx); - sending its certificate (Ca) and the first ephemeral public key (gx) to the second device; - receiving a certificate of the second device (Cb), a second ephemeral public key (gY) and a first value (H(g , Keph, Kperm, IDb)) from the second device, the 30 certificate (Cb) comprising a public key (gb) and an identity of the second device (IDb), and the first value (H(gy, Keph, Kperm, IDb)) being calculated from the second ephemeral public key (gY), an ephemeral shared key (Keph), a permanent key (Kperm), and the identity corresponding to the second device (IDb); 35 - verifying the certificate of the second device(Cb); 9 - calculating the ephemeral shared key (Keph) from the second ephemeral public key (gY) and the ephemeral private key (x); - calculating the permanent key (Kperm) from the public key of the second device (gb) and its own private key (a); 5 - verifying the first value (H(gy, Keph, Kperm, IDb)); - calculating a second value (H(gx, Keph, Kperm, IDa)) from the first ephemeral public key (gx), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to itself (IDa); - sending the second value (H(gx, Keph, Kperm, IDa)) to the second device; and 10 - calculating a session key (Ksess) as a function of the ephemeral shared key (Keph).
3. A second device for participating, with a first device, in the calculation of a shared session key, the second device having a certificate (Cb) comprising a 15 public key (gb) and an identity corresponding to itself (IDb), and knowledge of the identity corresponding to itself (IDb), a private key (b), and the public key (gb), the second device comprising a processor for: - receiving a certificate of the first device (Ca) and a first ephemeral public key 20 (gx), the certificate comprising a public key (g') and an identity of the first device (IDa); - verifying the certificate of the first device (Ca); - choosing an ephemeral private key (y); - calculating a second ephemeral public key (gY); 25 - calculating an ephemeral shared key (Keph) from the first ephemeral public key (g') and the ephemeral private key (y); - calculating a permanent key (Kperm) from the public key of the first device (ga) and its own private key (b); - calculating a first value (H(gy, Keph, Kperm, IDb)) from the second ephemeral 30 public key (gY), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to itself (IDb); - sending its certificate (Cb), the second ephemeral public key (gY) and the first value (H(gy, Keph, Kperm, IDb)) to the first device; - receiving a second value (H(gx, Keph, Kperm, IDa)) from the first device, the 35 second value being calculated from the first ephemeral public key (gX), the ephemeral shared key (Keph), the permanent key (Kperm), and the identity corresponding to the first device (IDa); - verifying the second value (H(g", Keph, Kperm, IDa)); and - calculating the session key (Ksess) as a function of the ephemeral shared 5 key (Keph).
4. A method of calculating a session key shared by a first and a second device according to claim 1 substantially as hereinbefore described with reference to the accompanying drawings. 10
5. A first device according to claim 2 substantially as hereinbefore described with reference to the accompanying drawings.
6. A second device according to claim 3 substantially as hereinbefore 15 described with reference to the accompanying drawings. 11
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2008201456A AU2008201456B2 (en) | 2004-10-29 | 2008-03-28 | Secure authenticated channel |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/EP2004/052722 WO2006048043A1 (en) | 2004-10-29 | 2004-10-29 | Secure authenticated channel |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2008201456A Division AU2008201456B2 (en) | 2004-10-29 | 2008-03-28 | Secure authenticated channel |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| AU2004324546A1 AU2004324546A1 (en) | 2006-05-11 |
| AU2004324546B2 true AU2004324546B2 (en) | 2009-12-24 |
Family
ID=34959210
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2004324546A Ceased AU2004324546B2 (en) | 2004-10-29 | 2004-10-29 | Secure authenticated channel |
Country Status (12)
| Country | Link |
|---|---|
| EP (1) | EP1805929B1 (en) |
| JP (1) | JP4719749B2 (en) |
| KR (2) | KR101075316B1 (en) |
| CN (1) | CN101048970B (en) |
| AT (1) | ATE477636T1 (en) |
| AU (1) | AU2004324546B2 (en) |
| BR (1) | BRPI0419162A (en) |
| DE (1) | DE602004028670D1 (en) |
| ES (1) | ES2348240T3 (en) |
| MX (1) | MX2007005037A (en) |
| RU (1) | RU2488226C2 (en) |
| WO (1) | WO2006048043A1 (en) |
Families Citing this family (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7646872B2 (en) | 2004-04-02 | 2010-01-12 | Research In Motion Limited | Systems and methods to securely generate shared keys |
| CN102017510B (en) * | 2007-10-23 | 2013-06-12 | 赵运磊 | Method and structure for self-sealed joint proof-of-knowledge and Diffie-Hellman key-exchange protocols |
| CN100488099C (en) | 2007-11-08 | 2009-05-13 | 西安西电捷通无线网络通信有限公司 | Bidirectional access authentication method |
| CN100553212C (en) | 2007-11-16 | 2009-10-21 | 西安西电捷通无线网络通信有限公司 | A kind of reliable network access control system of differentiating based on the ternary equity |
| CN101222328B (en) | 2007-12-14 | 2010-11-03 | 西安西电捷通无线网络通信股份有限公司 | Entity bidirectional identification method |
| US8452017B2 (en) | 2007-12-21 | 2013-05-28 | Research In Motion Limited | Methods and systems for secure channel initialization transaction security based on a low entropy shared secret |
| EP2073430B1 (en) | 2007-12-21 | 2013-07-24 | Research In Motion Limited | Methods and systems for secure channel initialization transaction security based on a low entropy shared secret |
| US8495375B2 (en) | 2007-12-21 | 2013-07-23 | Research In Motion Limited | Methods and systems for secure channel initialization |
| EP2073484B1 (en) * | 2007-12-21 | 2014-07-02 | BlackBerry Limited | Methods and systems for secure channel initialization |
| KR20090076606A (en) * | 2008-01-09 | 2009-07-13 | 삼성전자주식회사 | Method for recording content on a disc, method for providing a title key, apparatus for recording content on the disc, and content providing server |
| KR101495722B1 (en) * | 2008-01-31 | 2015-02-26 | 삼성전자주식회사 | Method and apparatus for guaranteeing communication security in home network |
| KR100948405B1 (en) * | 2008-05-16 | 2010-03-19 | 숭실대학교산학협력단 | Secure and Portable EAP-AKA Authentication without UICC |
| KR101016642B1 (en) * | 2008-11-27 | 2011-02-25 | 삼성전자주식회사 | Mobile system, service system and key authentication method for managing key in local wireless communication |
| EP2207340A1 (en) | 2009-01-12 | 2010-07-14 | Thomson Licensing | Method and device for reception of control words, and device for transmission thereof |
| CN101600204B (en) * | 2009-06-30 | 2011-05-11 | 中兴通讯股份有限公司 | File transmission method and system |
| JP5355263B2 (en) * | 2009-07-08 | 2013-11-27 | 日本電信電話株式会社 | Key sharing apparatus, key sharing method and program |
| CN101887503B (en) * | 2010-06-24 | 2012-06-27 | 北京农业信息技术研究中心 | Seed circulation supervision system and authentication method thereof |
| JP5238045B2 (en) * | 2011-02-02 | 2013-07-17 | トムソン ライセンシング | Secure authentication channel |
| EP2793157A1 (en) | 2013-04-19 | 2014-10-22 | Thomson Licensing | Apparatus and method for managing passwords |
| EP2876569A1 (en) | 2013-11-26 | 2015-05-27 | Thomson Licensing | Apparatuses and methods for password authentication |
| EP2955654A1 (en) | 2014-06-12 | 2015-12-16 | Thomson Licensing | Apparatus and method for password authentication |
| EP2955655A1 (en) | 2014-06-12 | 2015-12-16 | Thomson Licensing | Apparatuses and methods for password authentication |
| WO2016033610A1 (en) * | 2014-08-29 | 2016-03-03 | Visa International Service Association | Methods for secure cryptogram generation |
| SG11201704984SA (en) | 2015-01-27 | 2017-07-28 | Visa Int Service Ass | Methods for secure credential provisioning |
| EP3067811A1 (en) | 2015-03-12 | 2016-09-14 | Thomson Licensing | Apparatus and method for password authentication |
| US9801055B2 (en) * | 2015-03-30 | 2017-10-24 | Qualcomm Incorporated | Authentication and key agreement with perfect forward secrecy |
| EP3086226A1 (en) | 2015-04-23 | 2016-10-26 | Thomson Licensing | Device and method for providing code blocks to a client during execution of software code |
| CN105610575B (en) * | 2015-09-22 | 2019-01-08 | 西安电子科技大学 | The cross-domain end-to-end key exchange method of spatial information net |
| US10129026B2 (en) | 2016-05-03 | 2018-11-13 | Certicom Corp. | Method and system for cheon resistant static diffie-hellman security |
| EP3748900A1 (en) * | 2017-03-01 | 2020-12-09 | Apple Inc. | System access using a mobile device |
| KR102648499B1 (en) * | 2021-03-11 | 2024-03-19 | 한국전자통신연구원 | Apparatus and method for generating key based on machine learning |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5889865A (en) * | 1995-05-17 | 1999-03-30 | Certicom Corp. | Key agreement and transport protocol with implicit signatures |
| US5953420A (en) * | 1996-10-25 | 1999-09-14 | International Business Machines Corporation | Method and apparatus for establishing an authenticated shared secret value between a pair of users |
| US20040081321A1 (en) * | 1995-04-21 | 2004-04-29 | Marinus Struik | Key agreement and transport protocol |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| RU2077113C1 (en) * | 1995-04-19 | 1997-04-10 | Военная академия связи | Method for cryptoprotection of telecommunication know-how systems |
| US5761305A (en) * | 1995-04-21 | 1998-06-02 | Certicom Corporation | Key agreement and transport protocol with implicit signatures |
| US6081893A (en) * | 1997-05-28 | 2000-06-27 | Symantec Corporation | System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record |
| US6724894B1 (en) * | 1999-11-05 | 2004-04-20 | Pitney Bowes Inc. | Cryptographic device having reduced vulnerability to side-channel attack and method of operating same |
| US7047408B1 (en) * | 2000-03-17 | 2006-05-16 | Lucent Technologies Inc. | Secure mutual network authentication and key exchange protocol |
| RU2183348C2 (en) * | 2000-07-19 | 2002-06-10 | Военный университет связи | Object authentication method |
| US6986040B1 (en) * | 2000-11-03 | 2006-01-10 | Citrix Systems, Inc. | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel |
| RU2184390C1 (en) * | 2000-11-08 | 2002-06-27 | Военный университет связи | Method for authenticating objects |
| US8219801B2 (en) * | 2003-03-10 | 2012-07-10 | International Business Machines Corporation | Method of authenticating digitally encoded products without private key sharing |
| CN1455543A (en) * | 2003-05-30 | 2003-11-12 | 武汉理工大学 | Encryption key agreement method |
-
2004
- 2004-10-29 DE DE602004028670T patent/DE602004028670D1/en active Active
- 2004-10-29 CN CN2004800442942A patent/CN101048970B/en not_active Expired - Fee Related
- 2004-10-29 ES ES04822347T patent/ES2348240T3/en active Active
- 2004-10-29 MX MX2007005037A patent/MX2007005037A/en active IP Right Grant
- 2004-10-29 AT AT04822347T patent/ATE477636T1/en not_active IP Right Cessation
- 2004-10-29 KR KR1020097022717A patent/KR101075316B1/en active IP Right Grant
- 2004-10-29 AU AU2004324546A patent/AU2004324546B2/en not_active Ceased
- 2004-10-29 JP JP2007538278A patent/JP4719749B2/en not_active Expired - Fee Related
- 2004-10-29 BR BRPI0419162-5A patent/BRPI0419162A/en active Search and Examination
- 2004-10-29 EP EP04822347A patent/EP1805929B1/en not_active Not-in-force
- 2004-10-29 WO PCT/EP2004/052722 patent/WO2006048043A1/en active Application Filing
- 2004-10-29 KR KR1020077009716A patent/KR101075334B1/en active IP Right Grant
-
2009
- 2009-01-23 RU RU2009102230/08A patent/RU2488226C2/en not_active IP Right Cessation
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040081321A1 (en) * | 1995-04-21 | 2004-04-29 | Marinus Struik | Key agreement and transport protocol |
| US5889865A (en) * | 1995-05-17 | 1999-03-30 | Certicom Corp. | Key agreement and transport protocol with implicit signatures |
| US5953420A (en) * | 1996-10-25 | 1999-09-14 | International Business Machines Corporation | Method and apparatus for establishing an authenticated shared secret value between a pair of users |
Also Published As
| Publication number | Publication date |
|---|---|
| JP4719749B2 (en) | 2011-07-06 |
| ATE477636T1 (en) | 2010-08-15 |
| DE602004028670D1 (en) | 2010-09-23 |
| AU2004324546A1 (en) | 2006-05-11 |
| KR20090119791A (en) | 2009-11-19 |
| KR20070070198A (en) | 2007-07-03 |
| BRPI0419162A (en) | 2007-12-11 |
| CN101048970B (en) | 2012-05-23 |
| EP1805929B1 (en) | 2010-08-11 |
| CN101048970A (en) | 2007-10-03 |
| KR101075316B1 (en) | 2011-10-19 |
| KR101075334B1 (en) | 2011-10-19 |
| EP1805929A1 (en) | 2007-07-11 |
| RU2009102230A (en) | 2010-07-27 |
| MX2007005037A (en) | 2007-06-19 |
| JP2008518530A (en) | 2008-05-29 |
| ES2348240T3 (en) | 2010-12-01 |
| WO2006048043A1 (en) | 2006-05-11 |
| RU2488226C2 (en) | 2013-07-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2004324546B2 (en) | Secure authenticated channel | |
| CN107579819B (en) | A kind of SM9 digital signature generation method and system | |
| US7809946B2 (en) | Secure authenticated channel | |
| US8971540B2 (en) | Authentication | |
| US20150244525A1 (en) | Authentication | |
| EP1675299B1 (en) | Authentication method using bilinear mappings | |
| US9106644B2 (en) | Authentication | |
| US9531540B2 (en) | Secure token-based signature schemes using look-up tables | |
| Jarecki et al. | Device-enhanced password protocols with optimal online-offline protection | |
| JPH08507619A (en) | Two-way public key verification and key matching for low cost terminals | |
| EP1906587A2 (en) | Secure authenticated channel | |
| Lee et al. | A computation-efficient three-party encrypted key exchange protocol | |
| Hsu et al. | Password authenticated key exchange protocol for multi-server mobile networks based on Chebyshev chaotic map | |
| KR100588302B1 (en) | Method Generating Session Key For Group Communication In Mobile Environment | |
| AU2008201456B2 (en) | Secure authenticated channel | |
| Hanzlik et al. | Mutual chip authentication | |
| RU2359416C2 (en) | Secured channel with authentication | |
| JP5238045B2 (en) | Secure authentication channel | |
| Al-Bakri et al. | A novel peer-to-peer SMS security solution using a hybrid technique of NTRU and AES-Rijndael | |
| CA2486267C (en) | Secure authenticated channel | |
| CN101222323A (en) | Safety authentication channel | |
| CN117176329A (en) | Session key generation method and device, processor and electronic equipment | |
| KR100667213B1 (en) | Method for Generating Session Keys for Low-Power Mobile Devices | |
| Lin et al. | A secure and efficient mutual authentication protocol using hash function | |
| Cheng-Chi et al. | Cryptanalysis of Some Authenticated Key Agreement Protocols |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FGA | Letters patent sealed or granted (standard patent) | ||
| MK14 | Patent ceased section 143(a) (annual fees not paid) or expired |